diff --git a/src/indexer/database.ts b/src/indexer/database.ts
index 517a78c1b47ae9180e46c613d51ca64a7df54172..d0825cf264279e1fcfa0860a3c179797bf87be21 100644
--- a/src/indexer/database.ts
+++ b/src/indexer/database.ts
@@ -218,8 +218,14 @@ export async function handleInsertRequest(irCID: CID, ir: IndexRequest): Promise
 
     // delete cesium plus profile
     case CESIUM_PLUS_PROFILE_DELETE:
-      // FIXME if delete instruction is received from past, this should be ignored
-      // i.e.: database should keep track of deleted profiles with a timestamp to allow items to be inserted in any order
+      // NOTE: if delete instruction is received from past, an existing profile can be deleted
+      // Cases when it can occur:
+      // - a profile is deleted, then re-created, then an attacker submits again the deletion message within the MAX_IR_TIME_DIFF delay
+      // - a node is synchronizing, gets profile creation from pubsub, and then gets old deletion request from peer
+      // NOTE: the same can happen if create instruction if received from the past
+      // We could prevent it by: 
+      // - keeping track of deleted profiles with a timestamp
+      // Not implemented yet because these cases have low probability, but this should be implemented in the future.
       await client.query(`DELETE FROM profiles WHERE pubkey = $1;`, [ir.pubkey])
       return